source: http://www.securityfocus.com/bid/4876/info

Apache Tomcat is a freely available, open source web server maintained by the Apache Foundation.

Under some circumstances, Tomcat may yield sensitive information about the web server configuration. When the source.jsp page is passed a malformed request, it may leak information. This information may include the web root directory, and possibly a directory listing.

http://example.com:80/examples/jsp/source.jsp??
http://example.com:80/examples/jsp/source.jsp?/jsp/